On 07.05.2014 20:41, Alon Bar-Lev wrote:
> Well, take the recent example of the openssl issue that was found.
> Now, imagine that all products that use openssl should have been re-released.
> I think this is enough to understand how wrong this is.

Exactly,
if you want to take this seriously, you must provide someone who monitors
any upstream project you might include and especially backport security
patches, maybe on your own, when talking about
"enterprise grade software".
So any included hard dependency that will be shipped by ovirt
must also be maintainable by ovirt.
So it's always a good choice to have as few deps as possible
but of course you always have _some_.
Where to draw the line is a very difficult task and should be
very well reviewed.
--
Kind regards
Sven Kieske
System Administrator
Mittwald CM Service GmbH & Co. KG